Sunburst Hack Costs SolarWinds At Least $18M

The company expects to incur "significant legal and other professional services expenses" associated with the hack of its software in future quarters.
Matthew Heller, April 14, 2021

SolarWinds disclosed Tuesday that it took a hit of at least $18 million from the massive Russian malware attack that compromised its flagship Orion technology management software. In releasing preliminary first-quarter results, SolarWinds said it spent $18 million to $19 million on costs to “investigate and remediate the cyber incident,” on related legal and other professional services, and on consulting services provided to customers at no charge.

“We expect to incur significant legal and other professional services expenses associated with the cyber incident in future periods,” the company warned.

Investigators have traced the so-called Sunburst hack to updates of the Orion software that were released between March and June of 2020. Around 18,000 Orion customers installed the compromised update, many of whom are in the U.S. federal government.

SolarWinds has hired cybersecurity company CrowdStrike and professional services firm KPMG to help it investigate the attack.

SolarWinds’ shares rose 2.1% to $18.05 in trading Tuesday as it also estimated it will lose between $16.62 million and $16.87 million in the first quarter on revenue of between $255.9 million and $256.9 million.

Separately, the North American power grid regulator said about 1,500 electric utilities installed the infected Orion software, with a minority of them downloading it into their “operational technology” networks. The North American Electric Reliability Corp. (NERC) had asked its members in December to report back on how exposed they were to the software.

“It should come as no surprise that this high percentage of companies report having downloaded the malicious binary when you look at the scope and scale of the Sunburst campaign,” Nick Andersen, a former senior Department of Energy cybersecurity official, told CyberScoop.

However, Manny Cancel, a senior vice president at NERC, said that “The overwhelming majority [of electric organizations] did not experience any of the indicators of compromise, meaning the command-and-control activity. From that respect, we did not see what some of the other sectors were seeing with the compromise.”